# Statistical decoding

@article{DebrisAlazard2017StatisticalD, title={Statistical decoding}, author={Thomas Debris-Alazard and Jean-Pierre Tillich}, journal={2017 IEEE International Symposium on Information Theory (ISIT)}, year={2017}, pages={1798-1802} }

The security of code-based cryptography relies primarily on the hardness of generic decoding with linear codes. The best generic decoding algorithms are all improvements of an old algorithm due to Prange: they are known under the name of information set decoding techniques (ISD). A while ago a generic decoding algorithm which does not belong to this family was proposed: statistical decoding. It is a randomized algorithm that requires the computation of a large set of parity-check equations of…

## 10 Citations

Improvement of Binary and Non Binary Statistical Decoding Algorithm

- Computer Science
- ICISC
- 2019

This paper improves the Information-Set Decoding algorithm using the notion of bases lists in binary case and gives a non binary version of this improvement.

Survey on cryptanalysis of code-based cryptography: From theoretical to physical attacks

- Computer Science, Mathematics
- 2018 7th International Conference on Computers Communications and Control (ICCCC)
- 2018

Some background on coding theory is proposed in order to present some of the main flaws in the protocols, analyze the existing side-channel attacks, and give some recommendations on how to securely implement the most suitable variants.

Generalized Inverse Based Decoding

- Computer Science
- 2022

The GID framework clearly shows how each ISD algorithm, except for Prange’s solution, can be used as an SDP or LWP solver, and experimental results show very good behavior of the GID solvers.

A tight security reduction in the quantum random oracle model for code-based signature schemes

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2017

It is shown that code-based signature schemes based on the full domain hash paradigm can behave very well in the QROM i.e. that the authors can have tight security reductions and the obtained parameters are competitive compared to other similar quantum secure signature schemes.

A polynomial attack on a NIST proposal: RankSign, a code-based signature in rank metric

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2018

All the parameters proposed for this scheme in [AGH17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords.

An attack on a NIST proposal: RankSign, a code-based signature in rank metric

- Computer Science, Mathematics
- ArXiv
- 2018

All the parameters proposed for this scheme in [AGHRZ17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords.

Two attacks on rank metric code-based schemes: RankSign and an Identity-Based-Encryption scheme

- Computer Science, Mathematics
- 2018

All the parameters proposed for this scheme in [AGHRZ17] can be broken by an algebraic attack that exploits the fact that the augmented LRPC codes used in this scheme have very low weight codewords, and the IBE cannot be instantiated at this time.

Correlated Pseudorandom Functions from Variable-Density LPN

- Computer Science, Mathematics
- 2020 IEEE 61st Annual Symposium on Foundations of Computer Science (FOCS)
- 2020

This work presents efficient constructions of PCFs for a broad class of useful correlations, including oblivious transfer and multiplication triple correlations, from a variable-density variant of the Learning Parity with Noise assumption (VDLPN).

Efficient Pseudorandom Correlation Generators from Ring-LPN

- Computer Science, Mathematics
- CRYPTO
- 2020

This work showed how useful forms of correlated randomness can be generated using a cheap, one-time interaction, followed by only “silent” local computation via a pseudorandom correlation generator (PCG).

The problem with the SURF scheme

- Mathematics, Computer Science
- 2017

There is a serious problem with one of the assumptions made in the security proof of the SURF scheme. This problem turns out to be easy in the regime of parameters needed for the SURF scheme to work.…

## References


Decoding Random Linear Codes in Õ(2^{0.054n})

- Computer Science
- 2012

A new algorithm for decoding linear codes is presented that is inspired by a representation technique due to Howgrave-Graham and Joux in the context of subset sum algorithms that offers a rigorous complexity analysis for random linear codes and brings the time complexity down to Õ(2^{0.05363n}).

Decoding Random Binary Linear Codes in 2^{n/20}: How 1+1=0 Improves Information Set Decoding

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2012

It is shown how to further increase the number of representations and propose a new information set decoding algorithm with running time 2^{0.0494n}, which was improved to 2^{0.0537n} by May, Meurer and Thomae.

Analysis of Information Set Decoding for a Sub-linear Error Weight

- Computer Science
- PQCrypto
- 2016

It is proved here that the constant c depends only on the code rate k/n and is the same for all the known ISD variants mentioned above, including the fifty-year-old Prange algorithm.

On Computing Nearest Neighbors with Applications to Decoding of Binary Linear Codes

- Computer Science
- EUROCRYPT
- 2015

A new decoding algorithm for random binary linear codes, on which all variants of the currently best known decoding algorithms are built, is proposed.

The use of information sets in decoding cyclic codes

- Computer Science
- IRE Trans. Inf. Theory
- 1962

A class of decoding algorithms using encoding-and-comparison is considered for error-correcting code spaces and it is suggested on operational grounds that it may prove most useful in those cases where m is relatively large with respect to the code length n.

Statistical Decoding Revisited

- Computer Science
- ACISP
- 2006

This paper looks at the statistical decoding attack on the McEliece cryptosystem, a probabilistic algorithm for correcting errors in random codes that uses precomputations to provide faster error correction than the classical general decoding algorithms.

Security Bounds for the Design of Code-Based Cryptosystems

- Computer Science, Mathematics
- ASIACRYPT
- 2009

Lower bounds are given on the work factor of idealized versions of code-based cryptography algorithms, taking into account all possible tweaks which could improve their practical complexity.

A Statistical Decoding Algorithm for General Linear Block Codes

- Computer Science
- IMACC
- 2001

A new decoding algorithm for general linear block codes that generates a direct estimate of the error locations based on exploiting the statistical information embedded in the classical syndrome decoding.

Modeling Bit Flipping Decoding Based on Nonorthogonal Check Sums With Application to Iterative Decoding Attack of McEliece Cryptosystem

- Computer Science
- IEEE Transactions on Information Theory
- 2007

The tradeoff between the Hamming weight (and overlapping) of the check sums and the number of redundant check sums required to start converging under iterative decoding is investigated.

MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes

- Computer Science
- 2013 IEEE International Symposium on Information Theory
- 2013

This work proposes two McEliece variants: one from Moderate Density Parity-Check (MDPC) codes and another from quasi-cyclic MDPC codes, which reduce under certain hypotheses the security of the scheme to the well studied decoding problem.